We worked on a procedure for how to assess benefits and how to identify benefits. That discussion happened in January at the committee which my colleague chairs. We're now in the process of going after that benefits identification for those projects.

My safe guess is that we're actually about the same, but by the end of June we will be in a very significantly different place, because people have been working in teams since the conversation we had in January to figure out how to operationalize benefits for those other projects.

We've mandated that all active projects go back and revisit their business case, their business requirements, and their project plan to make sure that the benefits are clearly identified, measurable, and harvestable.

I want to continue with paragraph 5.22, on which I have one quick question left.

Clearly Canada Border Services Agency did not file the appropriate requirements for Treasury Board at the time. I'm wondering if there were any penalties applied because of that. How did Treasury Board deal with the situation that you had failed to update your investment plan as per their particular requirements?

Sorry, I was not around at the time of the first, but certainly as soon as we were made aware of the need for updating the capital plan, which is a five-year capital plan or investment plan, we did so immediately. This is the second version of the plan we produced after we were made aware of this.

The original plan was supposed to be for five years, but in the middle of it, all those investments came pouring in. As soon as somebody identified that we needed to update our investment plan, we did.

Okay. I'm just wondering, because obviously Treasury Board guidelines are there for a reason. Those policies are set for a reason. When an agency does not abide by them, as is being reported right now through the Auditor General's report, I'm wondering how those situations are dealt with. I'm surprised that you wouldn't know at this stage.

I'll move now to paragraph 5.20. A question was raised earlier about five of the projects the report examined that went through the Canada Border Services Agency project management framework and that moved on to their next phases without meeting some of the necessary prerequisites that were outlined.

Could you outline to me what the five projects were, just so that we have it on the record, and why it was not necessary to meet the established prerequisites? What were the prerequisites, to start with, and how close were the five projects to meeting them? Were there any consequences for not meeting those prerequisites?

Perhaps you could explain that to me, because I don't think we've had a clear understanding of that at this stage.

With regard to those five projects, we mentioned that we've had a project measurement framework since 2012. The project measurement framework did not include an investment management component and benefits realization component. All of those projects were gated under the project management framework. The portfolio management framework, which was deployed in February 2014, added that rigour.

It's not a matter of if a project should be exempted; all projects are subjected to this now. At the time of the audit, no new projects had gone through the early gates. All the projects were in the latter gates of the portfolio management framework.

As I mentioned earlier, for all active projects I've pushed people back to meeting the requirements of the earlier gates—having all of the benefits identified, the requirements identified, and all of that. There's no exception. It's just that they had gone through those gates without doing it originally.

They're the entry-exit initiative, FOSS, or the field operations support system replacement project, the interactive advanced passenger information initiative, the single window initiative, and the temporary resident biometrics project.

Our issue was that as we were implementing our new framework, some of these projects—all of them, really—were in flight already. It was a question of how far back do you go given the project is.... For example, the single window initiative was approaching release to meet the previous gates, when the gates didn't exist when the project started.

Thank you to our officials for attending committee today, and also to the Auditor General for another fine report.

There is a line in the Auditor General's report that says that the Canada Border Service Agency administers over 90 different acts, regulations, and agreements with different federal agencies and provincial agencies. Somehow you have to have an information technology system that communicates with all these different agreements and agencies to meet their needs, as well as to meet the needs you're mandated to do, which is to facilitate the movement of goods and people safely across the border.

For the benefit of people watching committee proceedings, can you tell us if the information technology system you employ is something you can buy at an IT store as a plug and play unit? How complex are we talking here?

It's a very germane question to my everyday life, so thank you for the question.

It is a complex business. I talked about dependencies. I talked about the size of some.... We're talking about half a trillion dollars crossing the border every year and 14 million shipments. The multipliers are massive, and the legacy world my colleague alluded to with coming out of CRA, Citizenship and Immigration, and other areas of departments has created a challenge from an immigration perspective. We have a lot of point-to-point connections between systems that are legacy and aged, and are on the IT list to be replaced within the next five years.

That's what we have to take into consideration when we start large projects like the ones you have here that have very specific business requirements. We have to look at those as opportunities to achieve our goals toward a town plan and not as a separate investment, which is unfortunately the way some of those investments were managed in the past. It is constant awareness of the need to converge toward a better world that pushes us to intercept as many of those investments as we can.

In my previous role for 16 years as the board chair and president of Steinbach Credit Union, a $4.5 billion credit union, I went through many IT projects in the banking world and finance world. I understand a little of the complexity of some of these IT challenges. Often you go down a path for a certain distance and you find out it isn't going to achieve the end result. There are unforeseen things. The demands from people change as well from different departments, different agencies, and regulators. It's a constant moving target.

I'm sure you're up against that at a much larger scale, but in spite of all that, the report largely concludes that the Canada Border Services Agency has done a thorough job in establishing solid practices to deliver IT investments through its project portfolio management framework. The report also put forward some reasonable recommendations, which you as an agency have agreed to. As a result of that agreement, you embarked on some very ambitious benchmarks as far as compliance and targets are concerned.

I'm wondering if you can give this committee an update on the progress of some of those commitments you have made.

As we've noted, we have completed our IT plan, our investment plan, and a number of things you see in our management action plan. I've looked at a pilot version of a report on benefits realization, and we have a way to go. We'll have that report ready in September. As I said, we have people working to make sure we have benefits operationalized for all of these projects that are beginning.

We really appreciate the opportunity.

We've worked very hard in the agency to take an attitude toward audits and evaluations that these provide us with management information and help us to do our job better. As I said, benefits realization was part of our work plan anyway, but the audit did highlight some other areas where we decided we had better put something more robust in place to make sure it's institutionalized and continues into the future.

Speaking to the complexity issue, I also think our framework allows us to identify problems earlier so that we can talk about alternatives and solutions, so that we're not marching blindly off a cliff into a project that doesn't work or doesn't contribute to our agency's goals. The gating process lets us monitor if something's starting to go in a bad direction, or out of budget. I think we have a lot of information on a very frequent basis.

Mr. Normand, my good friend, Mr. Falk, asked you about buying off the shelf, but I know, sir, you weren't looking for an Atari or Commodore 16.

Let me go back to page 12 and paragraph 5.37 about FOSS, the field operations support system. In response to an earlier question, you said that there was a dispute between the two agencies, CBSA, which is your agency, and Immigration Canada. There's no confusion here; it's absolutely true.

What you said too, I believe, sir, is that the issue was who would do this, which may have inferred who would pay. Is that what you were saying?

Let me draw your attention to what Mr. Ferguson said, and I'll quote it. It's in the middle of the second bullet point on page 12 of the report. In reference to CBSA, it says:

In January 2014, the Agency had a difference of opinion with Citizenship and Immigration Canada over how a critical function of the replacement system would be built.

That's considerably different from who's going to pay. That's actually a difference of opinion, not about who's going to do it, but about what we are going to do. Would you not agree, sir, that it's not quite the same as who's going to pay for it?